Error updating properties for <user_name> [c004427A] The AssistantAdmin does not have enough p (NETIQKB25981)

  • 7725981
  • 02-Feb-2007
  • 19-Jun-2007


Directory and Resource Administrator 6.60

Error updating properties for <user_name> [c004427A] The Assistant Admin does not have enough powers to run the UserSetInfo operation.


If an Assistant Admin attempts to use the Directory and Resource Administrator Web Console to reset a user account's password, the following error may occur:

Error updating properties for <user_name>.
[c004427A] The Assistant Admin does not have enough powers to run the UserSetInfo operation.

The same Assistant Admin is able to perform the same operation successfully using the MMC interface.


The issue occurs when the ActiveView under which the Assistant Admin is performing these actions delegates both the View User Account Properties power and the Password - Modify a User Account power.  The View User Account Properties power exposes all flags in the userAccountControl property, including the User must change password at next logon flag.  While the View User Account Properties power exposes the flag, it does not delegate to the Assistant Admin the ability to modify it.  Thus, when the Web Console attempts to set this flag automatically when an Assistant Admin resets a user account's password, the error listed above is generated.


Hotfix 26323 corrects this situation, modifying the Web Console operation to correctly interpret these powers when both are delegated in the same ActiveView.

To install this hotfix, run the DRA66000_Hotfix26323a.exe file on the Administration server.

This hotfix modifies the following files on the Web component computer:

  • AccountManagement/Computers/ComputerCreate/TaskMain.asp
  • AccountManagement/Computers/ComputerCreate/TaskMessages.asp
  • AccountManagement/Groups/GroupCreate/TaskMain.asp
  • AccountManagement/Groups/GroupUpdate/GeneralTabMain.asp
  • AccountManagement/Groups/GroupUpdate/GeneralTabMessages.asp
  • AccountManagement/Users/UserClone/Properties.asp
  • AccountManagement/Users/UserCreate/TaskMain.asp
  • AccountManagement/Users/UserResetPassword/Properties.asp
  • AccountManagement/Users/UserUpdate/DialInTabMain.asp
  • AccountManagement/Users/UserUpdate/ProfileTabMain.asp
  • AccountManagement/Users/UserUpdate/StatsTabMain.asp
  • AccountManagement/Users/UserUpdate/StatsTabMessages.asp
  • AccountManagement/Users/UserUpdateNT4/DialInTabMain.asp
  • AccountManagement/Users/UserUpdateNT4/ProfileTabMain.asp
  • AccountManagement/Users/UserUpdateNT4/StatsTabMain.asp
  • AccountManagement/Users/UserUpdateNT4/StatsTabMessages.asp
  • AccountManagement/Users/UserVitalStats/Properties.asp
  • AccountManagement/Users/UserVitalStats/TaskMessages.asp
  • AccountManagement/Users/UserVitalStatsNT4/Properties.asp
  • AccountManagement/Users/UserVitalStatsNT4/TaskMessages.asp
  • Common/Scripts/LocalizeDate.asp
  • Common/Scripts/SearchForms/UserGroupBrowse/TaskMain.asp
  • Common/Scripts/SearchForms/UserGroupBrowse/TaskMessages.asp

By default, these files are located in the C:\Inetpub\wwwroot\DRAWeb\WebConsole\BuiltIn folder of servers with the DRA Web Component installed.


Hotfix 26323 also corrects other issues that are listed in the following Knowledge Base article:

Additional Information

Formerly known as NETIQKB25981